Since early 2015, a new piece of malware has been targeting banks, payment card processors, and other financial services, stealing sensitive data from the memory of the computers it infects. It is called the Nemesis Bootkit.
What is the Nemesis Bootkit?
Nemesis Bootkit is part of the Nemesis malware family, which includes components for transferring files, capturing screens, logging keystrokes, injecting into processes, and other malicious activities.
What makes Nemesis Bootkit far more harmful than most other malware is that it modifies the Master Boot Record and can survive re-installation of the operating system. It is much harder to detect, and once detected, much harder to remove.
How does the Nemesis Bootkit infect a computer?
On Windows systems, the Master Boot Record (MBR) stores information about the disk, such as the number and layout of its partitions. The MBR is critical to the boot process: it holds a small amount of code that locates the primary active partition and transfers control to that partition's Volume Boot Record (VBR).
The VBR resides in the first sector of each partition. It contains a small piece of machine code specific to the operating system, which starts the operating system's boot process.
Nemesis Bootkit hijacks the computer's boot process. It first uses a multi-step process to create a custom virtual file system and stores the Nemesis components in the unallocated space between partitions.
It then replaces the VBR code with its own malicious code so that it can intercept certain boot process functions and inject Nemesis components into the Windows kernel.
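As an added example (not code from the original article), the following Python parses the MBR partition table described above, lists the unallocated sector ranges between partitions, flags any that contain non-zero data (the space a bootkit of this kind would write its hidden file system into), and recognises the protective entry of a GPT disk. It runs on a constructed disk image; the partition layout and the planted marker bytes are assumptions for the demo, not a real Nemesis sample.

```python
import struct

SECTOR = 512
GPT_PROTECTIVE = 0xEE  # type of the single protective entry a GPT disk keeps in its MBR

def parse_mbr(mbr: bytes):
    """Return the populated primary partition entries of a 512-byte MBR."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR: bad length or missing 0x55AA signature")
    parts = []
    for i in range(4):
        # flag, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        flag, ptype, start, count = struct.unpack("<B3xB3xII", mbr[446 + 16*i:462 + 16*i])
        if ptype and count:
            parts.append({"active": flag == 0x80, "type": ptype,
                          "start": start, "end": start + count - 1})
    return parts

def is_gpt(parts):
    return any(p["type"] == GPT_PROTECTIVE for p in parts)

def unallocated_gaps(parts, disk_sectors):
    """Sector ranges owned by no partition; sector 0 is the MBR itself."""
    gaps, cursor = [], 1
    for p in sorted(parts, key=lambda p: p["start"]):
        if p["start"] > cursor:
            gaps.append((cursor, p["start"] - 1))
        cursor = max(cursor, p["end"] + 1)
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors - 1))
    return gaps

def gaps_with_data(image: bytes):
    """Unallocated gaps that hold non-zero sectors: space between partitions that was written to."""
    parts = parse_mbr(image[:SECTOR])
    findings = []
    for lo, hi in unallocated_gaps(parts, len(image) // SECTOR):
        used = [s for s in range(lo, hi + 1) if any(image[s*SECTOR:(s + 1)*SECTOR])]
        if used:
            findings.append({"gap": (lo, hi), "first_used": used[0], "used": len(used)})
    return findings

def build_demo_image():
    """Constructed 2048-sector image: partitions at 63-562 and 1000-1999, planted blob at sector 600."""
    img = bytearray(2048 * SECTOR)
    for i, (flag, start, count) in enumerate(((0x80, 63, 500), (0x00, 1000, 1000))):
        img[446 + 16*i:462 + 16*i] = struct.pack("<B3xB3xII", flag, 0x07, start, count)
    img[510:512] = b"\x55\xaa"
    img[600*SECTOR:600*SECTOR + 16] = b"PLANTED-VFS-DATA"  # constructed marker, not real
    return bytes(img)
```

On a real disk, a hit in a gap is only a lead: compare the flagged sectors and the active partition's VBR against a known-good image before drawing conclusions.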
Once a computer is infected, the malware begins stealing sensitive data from the targeted bank, payment card processor, or other financial service.
How to prevent the Nemesis Bootkit?
As discussed earlier, Nemesis Bootkit is much harder to detect and remove than typical malware. Because of the way it infects a computer, simply re-installing the operating system does not get rid of it completely.
There is a valid way to remove it, though its practicality is questionable: if the disks are wiped completely and the operating system is then re-installed, the malware is removed.
Please note that Nemesis Bootkit does not install on computers that use GUID partitions. The GUID Partition Table was introduced as part of the Extensible Firmware Interface initiative as an alternative to the old Master Boot Record, so using this newer partitioning scheme can also help financial services defend against this threat.
This was an introductory article to give you some information about the Nemesis Bootkit. I hope it helped. Interested readers who want to know more about how different malware and cyberattacks work and how we can prevent them may want to refer to the book “A Guide To Cyber Security.”